Questions around nrpe. We see a lot of these error messages
Feb 3 13:58:49 xx-xx-001 nrpe[53960]: Error: (use_ssl == true): Request packet version was invalid!
Feb 3 13:58:49 xx-xx-001 nrpe[53960]: Could not read request from client 10.2.36.191, bailing out...
Feb 3 13:58:49 xx-xx-001 nrpe[53960]: INFO: SSL Socket Shutdown.
We don’t use SSL so why would this be happening?
More info:
The check_nrpe on the server is version 4
root@xx-xx-001 0 14:03:31 /usr/local/nagios/etc # /usr/local/nagios/libexec/check_nrpe --version
NRPE Plugin for Nagios
Version: 4.0.3
The nrpe version on the clients are version 3 with no updates to version 4 available.
root@xx-xx-001 0 14:00:57 /var/log # yum info nrpe
Loaded plugins: product-id, rhnplugin, search-disabled-repos, subscription-manager
This system is receiving updates from RHN Classic or Red Hat Satellite.
eus-custom-repo_c | 871 B 00:00:00
Installed Packages
Name : nrpe
Arch : x86_64
Version : 3.2.0
Release : 6.el7
Size : 356 k
Repo : installed
From repo : eus-epel-7_2018-07-11
Summary : Host/service/network monitoring agent for Nagios
URL : http://www.nagios.org
Licence : GPLv2
Description : Nrpe is a system daemon that will execute various Nagios plugins
: locally on behalf of a remote (monitoring) host that uses the
: check_nrpe plugin. Various plugins that can be executed by the
: daemon are available at:
: http://sourceforge.net/projects/nagiosplug
:
: This package provides the core agent.
Available Packages
Name : nrpe
Arch : x86_64
Version : 3.2.1
Release : 8.el7
Size : 261 k
Repo : eus-epel-77_2020-02-24
Summary : Host/service/network monitoring agent for Nagios
Licence : GPLv2
Description : Nrpe is a system daemon that will execute various Nagios plugins
: locally on behalf of a remote (monitoring) host that uses the
: check_nrpe plugin. Various plugins that can be executed by the
: daemon are available at:
: http://sourceforge.net/projects/nagiosplug
:
: This package provides the core agent.
Error: (use_ssl == true): Request packet version was invalid
Re: Error: (use_ssl == true): Request packet version was inv
Apparently newer versions of the NRPE receiver will straight-up reject packets from version 3 of the Nagios NRPE client:
As far as why it's reporting SSL = true when you disabled SSL, I'd need to inspect your configuration to determine what's going on. Seems like the only way to disable SSL on the receiver side is to run nrpe with the -n flag. What's the output from the following command?NRPE daemon should no longer accept packets from version 3, and the client should never accept packets unless they match the packet version that was sent.
-- madlohe (NagiosEnterprises/nrpe@5ed18d75)
Code: Select all
ps -A x -f |grep -i nrpeIf you didn't get an 8% raise over the course of the pandemic, you took a pay cut.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Re: Error: (use_ssl == true): Request packet version was inv
Woah thats a bit of a worry as we have version 3 on receivers and 4 on the server..
Regarding SSL this is the output of the ps command:
/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Regarding SSL this is the output of the ps command:
/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Re: Error: (use_ssl == true): Request packet version was inv
Does that error go away if you pass a -3 to the check?
Or:
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -3Code: Select all
/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -3 -n